2024-09-02 18:31:19 +05:30
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
2024-09-03 01:53:38 +05:30
|
|
|
}: {
|
2024-09-02 18:31:19 +05:30
|
|
|
options.snowflake.services.paperless = {
|
|
|
|
|
enable = lib.mkEnableOption "Enable paperless service";
|
|
|
|
|
|
|
|
|
|
domain = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "";
|
|
|
|
|
description = "Configuration domain to use for the paperless service";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
passwordFile = lib.mkOption {
|
|
|
|
|
description = "Age module containing the password to use for paperless";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
adminUser = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "Administrator username for the paperless service";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-09-03 01:53:38 +05:30
|
|
|
config = let
|
|
|
|
|
cfg = config.snowflake.services.paperless;
|
|
|
|
|
in
|
2024-09-02 18:31:19 +05:30
|
|
|
lib.mkIf cfg.enable {
|
|
|
|
|
age.secrets.paperless = {
|
|
|
|
|
inherit (cfg.passwordFile) file;
|
|
|
|
|
owner = "paperless";
|
|
|
|
|
group = "paperless";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.paperless = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.paperless-ngx;
|
|
|
|
|
|
|
|
|
|
passwordFile = config.age.secrets.paperless.path;
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
PAPERLESS_URL = "https://${cfg.domain}";
|
|
|
|
|
PAPERLESS_OCR_LANGUAGE = "eng";
|
2024-09-15 11:22:36 +05:30
|
|
|
PAPERLESS_TASK_WORKERS = 4;
|
2024-09-02 18:31:19 +05:30
|
|
|
PAPERLESS_THREADS_PER_WORKER = 4;
|
|
|
|
|
PAPERLESS_ADMIN_USER = cfg.adminUser;
|
2024-09-03 01:53:38 +05:30
|
|
|
PAPERLESS_FILENAME_FORMAT = "{created_year}/{document_type}/{title}";
|
2024-09-02 18:31:19 +05:30
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Requires services.nginx.enable.
|
|
|
|
|
services.nginx = {
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"${cfg.domain}" = {
|
|
|
|
|
serverName = "${cfg.domain}";
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
|
2024-09-04 02:15:28 +05:30
|
|
|
proxyWebsockets = true;
|
2024-09-02 18:31:19 +05:30
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-09-30 01:17:54 +05:30
|
|
|
|
2024-09-30 11:16:19 +05:30
|
|
|
snowflake.services.backups.config.paperless = {
|
2024-09-30 01:17:54 +05:30
|
|
|
dynamicFilesFrom = let
|
|
|
|
|
path = config.services.paperless.dataDir;
|
|
|
|
|
in ''
|
|
|
|
|
mkdir -p ${path}/exported
|
|
|
|
|
${path}/paperless-manage document_exporter ${path}/exported
|
|
|
|
|
echo ${path}/exported/
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-10-05 21:00:53 +05:30
|
|
|
|
|
|
|
|
services.fail2ban.jails.paperless = {
|
|
|
|
|
enabled = true;
|
|
|
|
|
filter = "paperless";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
environment.etc = {
|
|
|
|
|
paperless-ngx = {
|
|
|
|
|
target = "fail2ban/filter.d/paperless.conf";
|
|
|
|
|
text = ''
|
|
|
|
|
[Definition]
|
|
|
|
|
failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>`\.$
|
|
|
|
|
ignoreregex =
|
|
|
|
|
journalmatch = _SYSTEMD_UNIT=paperless-web.service
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-09-02 18:31:19 +05:30
|
|
|
};
|
|
|
|
|
}
|
